Insecure JMX RMI adapter configurations were found: a JMX RMI adapter was exposed on TCP port 1099 with no authentication required.
This was identified on the CA Data Aggregator (DA) and CA Data Collector (DC) servers in a production environment.
This allowed successful connections to several of these JMX RMI adapters. It also allowed a malicious MBean to be loaded, which permitted remote command execution.
How can this be resolved to secure the system from intrusion and malicious activity?
All supported CA Performance Management releases
The DA and DC servers use port 1099 (DA/DC services) and port 11099 (AMQ service) for JVM monitoring.
Self Monitoring connects over JMX to gather data. The DA and DC servers must be able to connect to their own 1099 and 11099 ports.
Server administrators can block outside access to ports 1099 and 11099. That way, only connections made from the server itself can reach the JVMs via JMX RMI.
Any other limitations on those ports would break the CA Performance Management Self Monitoring functionality.
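
One way to apply the port restriction described above, as an added example that is not part of the vendor article. It assumes a Linux host that uses iptables with rules in the INPUT chain; the function names `jmx_rules` and `unprotected_ports` are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Assumes Linux + iptables (INPUT chain).
JMX_PORTS="1099 11099"   # from the article: DA/DC services and AMQ service

# Print the rules rather than applying them, so they can be reviewed first.
# Apply as root with:  jmx_rules | sh
jmx_rules() {
    for port in $JMX_PORTS; do
        # Block the port on every interface except loopback. Inserted at the
        # top so an existing broad ACCEPT rule cannot match first.
        echo "iptables -I INPUT 1 ! -i lo -p tcp --dport $port -j DROP"
        # Keep loopback open: Self Monitoring on the DA/DC connects to its own
        # ports. On Linux, a host connecting to its own address arrives on lo.
        echo "iptables -I INPUT 1 -i lo -p tcp --dport $port -j ACCEPT"
    done
}

# Read `iptables -S INPUT` output on stdin and print each JMX port that has no
# DROP/REJECT rule for non-loopback traffic. Prints nothing when both ports
# are covered. This checks that the rule exists; it does not evaluate rule
# order, so review the full chain as well.
unprotected_ports() {
    rules=$(cat)
    for port in $JMX_PORTS; do
        echo "$rules" |
            grep -Eq -- "^-A INPUT ! -i lo -p tcp .*--dport $port -j (DROP|REJECT)" ||
            echo "$port"
    done
}

# Dry run: show the rules that would be applied.
jmx_rules
```

After applying the rules, `iptables -S INPUT | unprotected_ports` should print nothing on each DA and DC server.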